Terraform Module Docs

Perforce Helix Authentication Service Module

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | 5.59.0 |
| awscc | 1.6.0 |
| random | 3.6.2 |

Providers

| Name | Version |
|------|---------|
| aws | 5.59.0 |
| awscc | 1.6.0 |
| random | 3.6.2 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_log_group.helix_authentication_service_log_group | resource |
| aws_ecs_cluster.helix_authentication_service_cluster | resource |
| aws_ecs_cluster_capacity_providers.helix_authentication_service_cluster_fargate_providers | resource |
| aws_ecs_service.helix_authentication_service | resource |
| aws_ecs_task_definition.helix_authentication_service_task_definition | resource |
| aws_iam_policy.helix_authentication_service_default_policy | resource |
| aws_iam_policy.helix_authentication_service_secrets_manager_policy | resource |
| aws_iam_role.helix_authentication_service_default_role | resource |
| aws_iam_role.helix_authentication_service_task_execution_role | resource |
| aws_lb.helix_authentication_service_alb | resource |
| aws_lb_listener.helix_authentication_service_alb_https_listener | resource |
| aws_lb_target_group.helix_authentication_service_alb_target_group | resource |
| aws_s3_bucket.helix_authentication_service_alb_access_logs_bucket | resource |
| aws_s3_bucket_lifecycle_configuration.access_logs_bucket_lifecycle_configuration | resource |
| aws_s3_bucket_policy.alb_access_logs_bucket_policy | resource |
| aws_s3_bucket_public_access_block.access_logs_bucket_public_block | resource |
| aws_security_group.helix_authentication_service_alb_sg | resource |
| aws_security_group.helix_authentication_service_sg | resource |
| aws_vpc_security_group_egress_rule.helix_authentication_service_alb_outbound_service | resource |
| aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv4 | resource |
| aws_vpc_security_group_egress_rule.helix_authentication_service_outbound_ipv6 | resource |
| aws_vpc_security_group_ingress_rule.helix_authentication_service_inbound_alb | resource |
| awscc_secretsmanager_secret.helix_authentication_service_admin_password | resource |
| awscc_secretsmanager_secret.helix_authentication_service_admin_username | resource |
| random_string.helix_authentication_service | resource |
| random_string.helix_authentication_service_alb_access_logs_bucket_suffix | resource |
| aws_ecs_cluster.helix_authentication_service_cluster | data source |
| aws_elb_service_account.main | data source |
| aws_iam_policy_document.access_logs_bucket_alb_write | data source |
| aws_iam_policy_document.ecs_tasks_trust_relationship | data source |
| aws_iam_policy_document.helix_authentication_service_default_policy | data source |
| aws_iam_policy_document.helix_authentication_service_secrets_manager_policy | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| certificate_arn | The TLS certificate ARN for the Helix Authentication Service load balancer. | string | n/a | yes |
| cluster_name | The name of the cluster to deploy the Helix Authentication Service into. Defaults to null and a cluster will be created. | string | null | no |
| container_cpu | The CPU allotment for the Helix Authentication Service container. | number | 1024 | no |
| container_memory | The memory allotment for the Helix Authentication Service container. | number | 4096 | no |
| container_name | The name of the Helix Authentication Service container. | string | "helix-auth-container" | no |
| container_port | The container port that Helix Authentication Service runs on. | number | 3000 | no |
| create_helix_authentication_service_default_policy | Optional creation of Helix Authentication Service default IAM Policy. Default is set to true. | bool | true | no |
| create_helix_authentication_service_default_role | Optional creation of Helix Authentication Service default IAM Role. Default is set to true. | bool | true | no |
| custom_helix_authentication_service_role | ARN of the custom IAM Role you wish to use with Helix Authentication Service. | string | null | no |
| desired_container_count | The desired number of containers running the Helix Authentication Service. | number | 1 | no |
| enable_helix_authentication_service_alb_access_logs | Enables access logging for the Helix Authentication Service ALB. Defaults to true. | bool | true | no |
| enable_helix_authentication_service_alb_deletion_protection | Enables deletion protection for the Helix Authentication Service ALB. Defaults to true. | bool | true | no |
| enable_web_based_administration | Flag for enabling web based administration of Helix Authentication Service. | bool | false | no |
| environment | The current environment (e.g. dev, prod, etc.) | string | "dev" | no |
| existing_security_groups | A list of existing security group IDs to attach to the Helix Authentication Service load balancer. | list(string) | [] | no |
| fqdn | The fully qualified domain name of Helix Authentication Service. | string | "localhost" | no |
| helix_authentication_service_admin_password_secret_arn | Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator password. | string | null | no |
| helix_authentication_service_admin_username_secret_arn | Optionally provide the ARN of an AWS Secret for the Helix Authentication Service Administrator username. | string | null | no |
| helix_authentication_service_alb_access_logs_bucket | ID of the S3 bucket for Helix Authentication Service ALB access log storage. If access logging is enabled and this is null the module creates a bucket. | string | null | no |
| helix_authentication_service_alb_access_logs_prefix | Log prefix for Helix Authentication Service ALB access logs. If null the project prefix and module name are used. | string | null | no |
| helix_authentication_service_alb_subnets | A list of subnets to deploy the Helix Authentication Service load balancer into. Public subnets are recommended. | list(string) | n/a | yes |
| helix_authentication_service_cloudwatch_log_retention_in_days | The log retention in days of the CloudWatch log group for Helix Authentication Service. | string | 365 | no |
| helix_authentication_service_subnets | A list of subnets to deploy the Helix Authentication Service into. Private subnets are recommended. | list(string) | n/a | yes |
| internal | Set this flag to true if you do not want the Helix Authentication Service load balancer to have a public IP. | bool | false | no |
| name | The name attached to Helix Authentication Service module resources. | string | "helix-auth-svc" | no |
| project_prefix | The project prefix for this workload. This is prepended to most resource names. | string | "cgd" | no |
| tags | Tags to apply to resources. | map(any) | { "IAC_MANAGEMENT": "CGD-Toolkit", "IAC_MODULE": "helix-authentication-service", "IAC_PROVIDER": "Terraform" } | no |
| vpc_id | The ID of the existing VPC you would like to deploy Helix Authentication Service into. | string | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| alb_dns_name | The DNS name of the Helix Authentication Service ALB |
| alb_security_group_id | Security group associated with the Helix Authentication Service load balancer |
| alb_zone_id | The hosted zone ID of the Helix Authentication Service ALB |
| cluster_name | Name of the ECS cluster hosting helix_authentication_service |
| service_security_group_id | Security group associated with the ECS service running Helix Authentication Service |